Patent Application Titled “Data Processing Systems And Methods For Customizing Privacy Training” Published Online (USPTO 20220245539): OneTrust LLC

2022 AUG 19 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Washington, D.C., by NewsRx journalists, a patent application by the inventors Barday, Kabir A. (Atlanta, GA, US); Brannon, Jonathan Blake (Smyrna, GA, US); Clearwater, Andrew (Brunswick, ME, US); Walk, Hannah Rose (Atlanta, GA, US), filed on April 11, 2022, was made available online on August 4, 2022.

The assignee for this patent application is OneTrust LLC (Atlanta, Georgia, United States).

Reporters obtained the following quote from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).

“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPPA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in Canada recommends certain personal information inventory practices, and the Singapore PDPA specifically mentions personal data inventory mapping.

“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.

“Organizations that obtain, use, and transfer personal data often work with other organizations (“vendors”) that provide services and/or products to the organizations. Organizations working with vendors may be responsible for ensuring that any personal data to which their vendors may have access is handled properly. However, organizations may have limited control over vendors and limited insight into their internal policies and procedures. Therefore, there is currently a need for improved systems and methods that help organizations ensure that their vendors handle personal data properly. There is also a need for improved systems and methods for estimating the timing of vendor risk analysis and procurement and providing effective training to ensure that employees and/or vendors are compliant with applicable privacy and security regulations and standards.”

In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventors’ summary information for this patent application: “In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for generating customized training content. In accordance with various aspects, a method is provided that comprises: establishing, by computing hardware and based on a credential associated with a first user account, a communication session between a risk management system software and a first computing device; updating, by the computing hardware and based on inputs received during the communication session, a role attribute associated with a risk or other operation associated with a particular process, wherein the role attribute as updated identifies a second user account; modifying, by the computing hardware, a data map accessible by the risk management system software and training software with data indicating an update to the role attribute; generating, by the computing hardware, customized training content for a trainee engaged in the particular process, wherein generating the customized training content comprises: identifying, by the computing hardware and based on a trainee parameter for the trainee, the data map, identifying, by the computing hardware using the data map, a role for the trainee, identifying, by the computing hardware and based on the role and a topic related to the particular process, contextual information, wherein the contextual information identifies particular training content to include in the customized training content, determining, by the computing hardware and based on the contextual information, a customization for the customized training content, and altering, by the computing hardware based on the customization, source training content to generate the customized training content comprising the particular training content; and providing, by the computing hardware, access to the customized training content to the trainee via a graphical user interface.

“In some aspects, the method further comprises: receiving, by the computing hardware, a training content request for the customized training content, wherein the training content request originates from the graphical user interface; and responsive to receiving the training content request, transmitting, by the computing hardware, an instruction to a browser application executing on a user device causing the browser application to retrieve the customized training content and present the customized training content on a second graphical user interface on the user device. In some aspects, the method further comprises identifying, by the computing hardware and based on the trainee parameter, training data for the trainee, wherein the training data comprises a completion status for the trainee with respect to training requirements associated with the particular process, and identifying the contextual information is further based on the training data.

“In some aspects, altering the source training content comprises altering at least one of an image or video content of the source training content to integrate a face of a particular individual into the customized training content. In some aspects, altering the source training content comprises altering audio content of the source training content to integrate a voice of a particular individual into the customized training content.

“In accordance with various aspects, a system is provided comprising a non-transitory computer-readable medium storing instructions and a processing device communicatively coupled to the non-transitory computer-readable medium. In particular aspects, the processing device is configured to execute the instructions and thereby perform operations that comprise: establishing, based on a credential associated with a first user account, a communication session between a risk management system software and a first computing device; updating, based on inputs received during the communication session, a role attribute associated with a risk or other operation associated with a particular process, wherein the role attribute as updated identifies a second user account; modifying a data map accessible by the risk management system software and training software with data indicating an update to the role attribute; generating customized training content for a trainee engaged in the particular process, wherein generating the customized training content comprises: identifying, based on a trainee parameter for the trainee, the data map, identifying, using the data map, an organization for the trainee, identifying, based on the organization and a topic related to the particular process, contextual information, wherein the contextual information identifies particular training content to include in the customized training content, determining, based on the contextual information, a customization for the customized training content, and altering, based on the customization, source training content to generate the customized training content comprising the particular training content; and providing access to the customized training content to the trainee via a graphical user interface.

“In some aspects, the operations further comprise: receiving a training content request for the customized training content, wherein the training content request originates from the graphical user interface; and responsive to receiving the training content request, transmitting an instruction to a browser application executed on a user device causing the browser application to retrieve the customized training content and present the customized training content on a second graphical user interface on the user device. In some aspects, the operations further comprise identifying, based on the trainee parameter, training data for the trainee, the training data comprising a completion status for the trainee with respect to training requirements associated with the particular process, and identifying the contextual information is further based on the training data.

“In some aspects, altering the source training content comprises altering an image or video content of the source training content to integrate a face of a particular individual into the customized training content. In some aspects, altering the source training content comprises altering audio content of the source training content to integrate a voice of a particular individual into the customized training content. In some aspects, altering the source training content comprises altering at least one of video content or audio content of the source training content to integrate at least one of a brand, a logo, or a motto for the organization into the customized training content. In some aspects, altering the source training content comprises altering at least one of video content or audio content of the source training content to replace a generic term with a name of the organization in the customized training content.

“In addition in accordance with various aspects, a non-transitory computer-readable medium having program code that is stored thereon. In particular aspects, the program code executable by one or more processing devices performs operations that comprise: establishing, based on a credential associated with a first user account, a communication session between a risk management system software and a first computing device; updating, based on inputs received during the communication session, a trainee attribute associated with a risk or other operation associated with a particular process, wherein the trainee attribute as updated identifies a second user account; modifying a data map accessible by the risk management system software and training software with data indicating an update to the trainee attribute; generating customized training content for a trainee engaged in the particular process, wherein generating the customized training content comprises: identifying, based on a trainee parameter for the trainee, the data map, identifying, using the data map, the trainee attribute for the trainee, identifying, based on the trainee attribute and a topic related to the particular process, contextual information, wherein the contextual information identifies particular training content to include in the customized training content, determining, based on the contextual information, a customization for the customized training content, and altering, based on the customization, a training template to generate the customized training content comprising the particular training content; and providing access to the customized training content to the trainee via a graphical user interface.

“In some aspects, the trainee attribute comprises at least one of a role or an organization for the trainee. In some aspects, the operations further comprise: receiving a training content request for the customized training content, wherein the training content request originates from the graphical user interface; and responsive to receiving the training content request, transmitting an instruction to a browser application executed on a user device causing the browser application to retrieve the customized training content and present the customized training content on a second graphical user interface on the user device. In some aspects, the operations further comprise identifying, based on the trainee parameter, training data for the trainee, the training data comprising a completion status for the trainee with respect to training requirements associated with the particular process, and identifying the contextual information is further based on the training data.”

There is additional summary information. Please visit full patent to read further.”

The claims supplied by the inventors are:

“1. A method comprising: establishing, by computing hardware and based on a credential associated with a first user account, a communication session between a risk management system software and a first computing device; updating, by the computing hardware and based on inputs received during the communication session, a role attribute associated with a risk or other operation associated with a particular process, wherein the role attribute as updated identifies a second user account; modifying, by the computing hardware, a data map accessible by the risk management system software and training software with data indicating an update to the role attribute; generating, by the computing hardware, customized training content for a trainee engaged in the particular process, wherein generating the customized training content comprises: identifying, by the computing hardware and based on a trainee parameter for the trainee, the data map, identifying, by the computing hardware using the data map, a role for the trainee, identifying, by the computing hardware and based on the role and a topic related to the particular process, contextual information, wherein the contextual information identifies particular training content to include in the customized training content, determining, by the computing hardware and based on the contextual information, a customization for the customized training content, and altering, by the computing hardware based on the customization, source training content to generate the customized training content comprising the particular training content; and providing, by the computing hardware, access to the customized training content to the trainee via a graphical user interface.

“2. The method of claim 1 further comprising: receiving, by the computing hardware, a training content request for the customized training content, wherein the training content request originates from the graphical user interface; and responsive to receiving the training content request, transmitting, by the computing hardware, an instruction to a browser application executing on a user device causing the browser application to retrieve the customized training content and present the customized training content on a second graphical user interface on the user device.

“3. The method of claim 1, wherein altering the source training content comprises altering at least one of an image or video content of the source training content to integrate a face of a particular individual into the customized training content.

“4. The method of claim 1, wherein altering the source training content comprises altering audio content of the source training content to integrate a voice of a particular individual into the customized training content.

“5. The method of claim 1 further comprising: identifying, by the computing hardware and based on the trainee parameter, training data for the trainee, wherein the training data comprises a completion status for the trainee with respect to training requirements associated with the particular process, and identifying the contextual information is further based on the training data.

“6. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: establishing, based on a credential associated with a first user account, a communication session between a risk management system software and a first computing device; updating, based on inputs received during the communication session, a role attribute associated with a risk or other operation associated with a particular process, wherein the role attribute as updated identifies a second user account; modifying a data map accessible by the risk management system software and training software with data indicating an update to the role attribute; generating customized training content for a trainee engaged in the particular process, wherein generating the customized training content comprises: identifying, based on a trainee parameter for the trainee, the data map, identifying, using the data map, an organization for the trainee, identifying, based on the organization and a topic related to the particular process, contextual information, wherein the contextual information identifies particular training content to include in the customized training content, determining, based on the contextual information, a customization for the customized training content, and altering, based on the customization, source training content to generate the customized training content comprising the particular training content; and providing access to the customized training content to the trainee via a graphical user interface.

“7. The system of claim 6, wherein the operations further comprise: receiving a training content request for the customized training content, wherein the training content request originates from the graphical user interface; and responsive to receiving the training content request, transmitting an instruction to a browser application executed on a user device causing the browser application to retrieve the customized training content and present the customized training content on a second graphical user interface on the user device.

“8. The system of claim 6, wherein altering the source training content comprises altering an image or video content of the source training content to integrate a face of a particular individual into the customized training content.

“9. The system of claim 6, wherein altering the source training content comprises altering audio content of the source training content to integrate a voice of a particular individual into the customized training content.

“10. The system of claim 6, wherein altering the source training content comprises altering at least one of video content or audio content of the source training content to integrate at least one of a brand, a logo, or a motto for the organization into the customized training content.

“11. They system of claim 6, wherein altering the source training content comprises altering at least one of video content or audio content of the source training content to replace a generic term with a name of the organization in the customized training content.

“12. The system of claim 6, wherein the operations further comprise identifying, based on the trainee parameter, training data for the trainee, the training data comprising a completion status for the trainee with respect to training requirements associated with the particular process, and identifying the contextual information is further based on the training data.

“13. A non-transitory computer-readable medium having program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: establishing, based on a credential associated with a first user account, a communication session between a risk management system software and a first computing device; updating, based on inputs received during the communication session, a trainee attribute associated with a risk or other operation associated with a particular process, wherein the trainee attribute as updated identifies a second user account; modifying a data map accessible by the risk management system software and training software with data indicating an update to the trainee attribute; generating customized training content for a trainee engaged in the particular process, wherein generating the customized training content comprises: identifying, based on a trainee parameter for the trainee, the data map, identifying, using the data map, the trainee attribute for the trainee, identifying, based on the trainee attribute and a topic related to the particular process, contextual information, wherein the contextual information identifies particular training content to include in the customized training content, determining, based on the contextual information, a customization for the customized training content, and altering, based on the customization, a training template to generate the customized training content comprising the particular training content; and providing access to the customized training content to the trainee via a graphical user interface.

“14. The non-transitory computer-readable medium of claim 13, wherein the trainee attribute comprises at least one of a role or an organization for the trainee.

“15. The non-transitory computer-readable medium of claim 13, wherein the operations further comprise: receiving a training content request for the customized training content, wherein the training content request originates from the graphical user interface; and responsive to receiving the training content request, transmitting an instruction to a browser application executed on a user device causing the browser application to retrieve the customized training content and present the customized training content on a second graphical user interface on the user device.

“16. The non-transitory computer-readable medium of claim 13, wherein altering the training template comprises altering an image or video content of the training template to integrate a face of a particular individual into the customized training content.

“17. The non-transitory computer-readable medium of claim 13, wherein altering the training template comprises altering audio content of the training template to integrate a voice of a particular individual into the customized training content.”

There are additional claims. Please visit full patent to read further.

For more information, see this patent application: Barday, Kabir A.; Brannon, Jonathan Blake; Clearwater, Andrew; Walk, Hannah Rose. Data Processing Systems And Methods For Customizing Privacy Training. Filed April 11, 2022 and posted August 4, 2022. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220220245539%22.PGNR.&OS=DN/20220245539&RS=DN/20220245539

(Our reports deliver fact-based news of research and discoveries from around the world.)